diff --git a/kernel/ksu.c b/kernel/ksu.c index 58ab8b78..5f3e6f31 100644 --- a/kernel/ksu.c +++ b/kernel/ksu.c @@ -11,10 +11,6 @@ #include "ksu.h" #include "throne_tracker.h" -#ifdef CONFIG_KSU_SUSFS -#include -#endif - static struct workqueue_struct *ksu_workqueue; bool ksu_queue_work(struct work_struct *work) @@ -53,10 +49,6 @@ int __init kernelsu_init(void) pr_alert("*************************************************************"); #endif -#ifdef CONFIG_KSU_SUSFS - susfs_init(); -#endif - ksu_core_init(); ksu_workqueue = alloc_ordered_workqueue("kernelsu_work_queue", 0); diff --git a/kernel/ksud.c b/kernel/ksud.c index 698dbd8f..2ac537d3 100644 --- a/kernel/ksud.c +++ b/kernel/ksud.c @@ -64,10 +64,6 @@ bool ksu_execveat_hook __read_mostly = true; bool ksu_input_hook __read_mostly = true; #endif -#ifdef CONFIG_KSU_SUSFS_SUS_SU -bool ksu_devpts_hook = false; -#endif - u32 ksu_devpts_sid; void on_post_fs_data(void) diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c index c7dada5a..1ba6d853 100644 --- a/kernel/selinux/rules.c +++ b/kernel/selinux/rules.c @@ -134,14 +134,6 @@ void apply_kernelsu_rules() ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid"); ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill"); -#ifdef CONFIG_KSU_SUSFS - // Allow umount in zygote process without installing zygisk - ksu_allow(db, "zygote", "labeledfs", "filesystem", "unmount"); - susfs_set_init_sid(); - susfs_set_ksu_sid(); - susfs_set_zygote_sid(); -#endif - rcu_read_unlock(); } diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c index 4047d064..421fba46 100644 --- a/kernel/selinux/selinux.c +++ b/kernel/selinux/selinux.c @@ -8,14 +8,6 @@ #define KERNEL_SU_DOMAIN "u:r:su:s0" -#ifdef CONFIG_KSU_SUSFS -#define KERNEL_INIT_DOMAIN "u:r:init:s0" -#define KERNEL_ZYGOTE_DOMAIN "u:r:zygote:s0" -u32 susfs_ksu_sid = 0; -u32 susfs_init_sid = 0; -u32 susfs_zygote_sid = 0; -#endif - static int transive_to_domain(const char *domain) { struct cred *cred; @@ -139,83 +131,6 @@ bool is_zygote(void *sec) return result; } -#ifdef CONFIG_KSU_SUSFS -static inline void susfs_set_sid(const char *secctx_name, u32 *out_sid) -{ - int err; - - if (!secctx_name || !out_sid) { - pr_err("secctx_name || out_sid is NULL\n"); - return; - } - - err = security_secctx_to_secid(secctx_name, strlen(secctx_name), - out_sid); - if (err) { - pr_err("failed setting sid for '%s', err: %d\n", secctx_name, err); - return; - } - pr_info("sid '%u' is set for secctx_name '%s'\n", *out_sid, secctx_name); -} - -bool susfs_is_sid_equal(void *sec, u32 sid2) { - struct task_security_struct *tsec = (struct task_security_struct *)sec; - if (!tsec) { - return false; - } - return tsec->sid == sid2; -} - -u32 susfs_get_sid_from_name(const char *secctx_name) -{ - u32 out_sid = 0; - int err; - - if (!secctx_name) { - pr_err("secctx_name is NULL\n"); - return 0; - } - err = security_secctx_to_secid(secctx_name, strlen(secctx_name), - &out_sid); - if (err) { - pr_err("failed getting sid from secctx_name: %s, err: %d\n", secctx_name, err); - return 0; - } - return out_sid; -} - -u32 susfs_get_current_sid(void) { - return current_sid(); -} - -void susfs_set_zygote_sid(void) -{ - susfs_set_sid(KERNEL_ZYGOTE_DOMAIN, &susfs_zygote_sid); -} - -bool susfs_is_current_zygote_domain(void) { - return unlikely(current_sid() == susfs_zygote_sid); -} - -void susfs_set_ksu_sid(void) -{ - susfs_set_sid(KERNEL_SU_DOMAIN, &susfs_ksu_sid); -} - -bool susfs_is_current_ksu_domain(void) { - return unlikely(current_sid() == susfs_ksu_sid); -} - -void susfs_set_init_sid(void) -{ - susfs_set_sid(KERNEL_INIT_DOMAIN, &susfs_init_sid); -} - -bool susfs_is_current_init_domain(void) { - return unlikely(current_sid() == susfs_init_sid); -} -#endif - #define DEVPTS_DOMAIN "u:object_r:ksu_file:s0" u32 ksu_get_devpts_sid() diff --git a/kernel/sucompat.c b/kernel/sucompat.c index 7b0b02c7..ca1d379d 100644 --- a/kernel/sucompat.c +++ b/kernel/sucompat.c @@ -364,23 +364,3 @@ void ksu_sucompat_exit() } -#ifdef CONFIG_KSU_SUSFS_SUS_SU -extern bool ksu_devpts_hook; - -void ksu_susfs_disable_sus_su(void) { - enable_kprobe(&execve_kp); - enable_kprobe(&newfstatat_kp); - enable_kprobe(&faccessat_kp); - enable_kprobe(&pts_unix98_lookup_kp); - ksu_devpts_hook = false; -} - -void ksu_susfs_enable_sus_su(void) { - disable_kprobe(&execve_kp); - disable_kprobe(&newfstatat_kp); - disable_kprobe(&faccessat_kp); - disable_kprobe(&pts_unix98_lookup_kp); - ksu_devpts_hook = true; -} -#endif -